This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Error when opening a Wireshark capture

0

I was sent a Wireshark capture from a customer but received the following error when I tried to open it:

The file "{network shared drive}CAD.cap" is a capture for a network type that Wireshark doesn't support. (Observer: unsupported file version ObserverPktBufferVersion=15.00)

I'm trying to get information on this but not able to find anything yet. If there might be some suggestions, it would be helpful.

asked 17 Jan '12, 08:25

Vinnypie

If it's really a Wireshark capture, I would not expect the error message shown. Could the file have gotten mangled when it was copied/transferred? For instance, treating the file as ASCII when using FTP will mess up the file...

(17 Jan '12, 08:55) Bill Meier ♦♦

I appreciate the response and have thought of that but get errors no matter how I try to open it. I will keep trying to get this figured out as I have asked the customer to provide more information. Thank you.

(17 Jan '12, 08:58) Vinnypie

One Answer:

0

I suspect that's not a Wireshark capture, but a capture from one of Network Instruments' Observer products.

If so, this is probably bug 5869; older versions of Wireshark couldn't handle captures from newer versions of Observer. The fix is in 1.6.0 (and thus all 1.6.x releases); it's not in any 1.4.x release.

answered 17 Jan '12, 11:42

Guy Harris ♦♦